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DETAILED ACTION 

1. Claims 1 - 16 are pending. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .1 7(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.1 14. Applicant's submission filed on 
01/16/2007 has been entered. 

Response to Arguments 

3. Applicant's arguments with respect to claims 1-16, have been considered but 
are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
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5. Claims 1, 9 and 12 - 15 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Gray U.S. Patent No. (5,884,497). 

6. As per claims 1 and 12-15, Gray discloses a process at the client data 
processing system applying the cipher function to the client password, which 
corresponds to the stored cipher-protected client password, thereby to generate a 
cipher-protected client password, which is equivalent to the stored cipher-protected 
client password (Gray, Col. 5 Lines 29 - 40, encrypted passwords), and performing an 
authentication check using the client data processing system's cipher-protected client 
password and the server data processing system's stored cipher-protected client 
password as a shared secret for said authentication check (Gray, Col. 5 Lines 29 - 40, 
compares to check validity of passwords) the authentication check is adapted to be 
performed without having the client password in a cleartext format on the server data 
processing system (Gray, Col. 5 Lines 29 - 40, compares the encrypted passwords) 
wherein the authentication method is adapted to function without additional software 
infrastructure (Gray, Col. 5 Lines 29 - 40, no external software needed). 

7. As per claim 9 Gray discloses the server processing system's password 
repository is preferably integrated within the operating system of the server data 
processing system (Gray, Col. 6 Lines 9 - 21, OS works with verification system of 
passwords thus accessing all passwords associated to the system). 
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Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 2 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gray U.S. Patent No. (5,884,497) in view of Boyko et al. U.S. Patent No. (7,047,408). 

10. As per claim 2, Gray fails to teach an authentication check includes performing a 
mutual challenge-response authentication protocol check. However, in an analogous 
art Jablon teaches an authentication check includes performing a mutual challenge- 
response authentication protocol check (Boyko, Col. 3 Lines 24 - 36). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Boyko's secure mutual network authentication with Gray's 
apparatus for providing an authentication system, because it offers the advantage of 
being a more secure. 

11. As per claim 16, Davis as modified teaches generating a cipher-protected client 
password by applying said first cipher function to the client's password, thereby to 
provide the client and server processes with a shared secret (Boyko, Col. 3 Lines 24 - 

* 

36), generating a client response and counter-challenge to the server challenge, the 
client response and counter-challenge including a message authentication code 
computed using the cipher-protected client password (Boyko, CoL 3 Lines 24 - 36), 
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forwarding the client response and counter-challenge to the server process ((Boyko, 
Col. 3 Lines 24 - 36) receiving the forwarded server response; generating an 
anticipated server response and comparing the received and anticipated server 
responses to determine whether they match; and in response to a positive match, 
confirming successful authentication (Boyko, Col. 3 Lines 24 - 36). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Boyko's secure mutual network authentication with Gray's 
apparatus for providing an authentication system, because it offers the advantage of 
being a more secure. 

12. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gray U.S. 
Patent No. (5,884,497) in view of Patzer et al. U.S. Patent No. (6,732,270). 

1 3. As per claim 3, Gray fails to teach the cipher function is an encryption algorithm 
wherein the cipher-protected client password comprises a salt and a character string. 
However, in an analogous art Patzer teaches the cipher function is an encryption 
algorithm wherein the cipher-protected client password comprises a salt and a character 
string (Patzer, Col. 4 Lines 18-31). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Patzer' s method to authenticate a network access server 

* 

to an authentication server with Gray's apparatus for providing an authentication 
system, because it offers the advantage of protecting against imposter clients (Patzer, 
Col.2 Lines 16-20). 
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14. Claims 6 - 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gray U.S. Patent No. (5,884,497) in view of Davis et al. U.S. Patent No. (6,064,736). 

15. As per claim 6, Gray fails to teach a hash function. However, in an analogous art 
Davis teaches a hash function (Davis, Col. 4, Lines 50 - 52). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Davis' password verification method and system with 
Gray's apparatus for providing an authentication system, because it offers the 
advantage of protecting against unwanted users (Davis, Col. 2 Lines 15 - 26). 

16. As per claim 7, Gray as modified teaches a process at the server data processing 
system retrieving from the repository the respective token for a stored cipher-protected 
client password, and transmitting the token to a client data processing system (Davis, 
Col. 5, Lines 11 - 14) and the process at the client data processing system applying the 
cipher function to the combination of the transmitted token and the client password 
which corresponds to the stored cipher-protected client password, thereby to generate 
the equivalent cipher-protected client password for use as a shared secret (Davis, Col. 
5, Lines 18-31). 

17. As per claim 8 Gray as modified teaches the token is a random number (Davis, 
Col. 5, Lines 11-13, salt). 
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18. Claims 4, 5 ancMO are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gray U.S. Patent No. (5,884,497) in view of Yatsukawa U.S. Patent No. 
(6,148,404). 

19. As per claim 4, Gray fail to teach an authentication check comprises generating a 
common secret session key at both the client and server data processing systems, 
using the generated encrypted client password at the client and the stored encrypted 
client password at the server, and using this common secret session key in a mutual 
challenge-response authentication protocol. However, Yatsukawa teaches an 
authentication check comprises generating a common secret session key at both the 
client and server data processing systems, using the generated encrypted client 
password at the client and the stored encrypted client password at the server, and using 
this common secret session key in a mutual challenge-response authentication protocol 
(Yatsukawa, Col. 19, Lines 62 - 67). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to us Yatsukawa's common session-key with Gray's apparatus 
for providing an authentication system, because it offers the advantage of confidentiality 
by limiting the chance of leakage of information between client and server along with 
unauthorized intrusion (Yatsukawa, Col. 1 Lines 35 - 42). 

20. As per claim 5, Gray teaches a secret session key is generated by applying a 
cipher function to each of the generated encrypted client password at the client and the 
stored encrypted client password at the server (Yatsukawa, Col. 3, Lines 52 - 55). 
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At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to us Yatsukawa's common session-key with Gray's apparatus 
for providing an authentication system, because it offers the advantage of confidentiality 
by limiting the chance of leakage of information between client and server along with 
unauthorized intrusion (Yatsukawa, Col. 1 Lines 35 - 42). 

21 . As per claim 10, Gray as modified teaches the operating system is an operating 
system conforming to the UNIX operating system standard or derived from a UNIX 
conforming system (Yatsukawa, Col. 19, Lines 3 - 6). 

22. Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gray 
U.S. Patent No. (5,884,497) and Yatsukawa U.S. Patent No. (6,148,404), as applied to 
claim 10 

23. As per claim 1 1 , Gray fails to teach the encryption algorithm is provided by the 
UNIX crypt() function. However, in an analogous art Davis teaches the encryption 
algorithm is provided by the UNIX crypt() function (Davis, Col. 5, Lines 13-16). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Davis' password verification method and system with 
Gray's apparatus for providing an authentication system, because it offers the 
advantage of protecting against unwanted users (Davis, Col. 2 Lines 15 - 26). 



Conclusion 
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24. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Roderick Tolentino whose telephone number is (571 ) 
272-2661 . The examiner can normally be reached on 8:00am - 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




Roderick Tolentino 

Examiner 
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